April 2017

04/11/2017

McAfee first reported the zero day vulnerability and then FireEye released additional information. Unlike some previous vulnerabilities, you don't have to enable macros for this one to work. The attack starts by opening a malicious Word attachment. The document contains a OLE2link (Object Linking and Embedding), which allows external content to be loaded. The link issues a HTTP request to retrieve a malicious .hta file, which is a HTML application. A script is loaded that closes the original document and shows a bogus one. Although the OLE2link displays a user prompt, the winword.exe process terminates it so the user doesn't see it.

The good news is that a fix is scheduled to be released today. The other positive is that, by default, the file attachment will open in Protected View and warn users. System administrators can configure Protected View so that users can't disable it. Better yet, don't open any Word attachments from a Windows system.

04/10/2017

Western Digital announced a new My Passport SSD that works with any computer including Apple's MacBook and MacBook Pro USB-C models. The drive comes in three capacities (256GB, 512GB and 1TB) for $99.99, $199.99 and $399.99 respectively. As an added bonus, the drive gives you AES 256-bit hardware encryption and has backup software too. The drive comes with an adapter that lets you use the drive with older computers equipped with USB-A ports.

04/06/2017

I've mentioned the No More Ransom website before. The website is a portal for fighting ransomware that is supported by many partners. If you are the unfortunate victim of a ransomware infection, be sure to visit the website to see if there is a free decryption tool available for the contracted ransomware. According to a post on The Hacker News, there have been 15 new decryption tools posted on the portal by partner organizations since December of 2016.

04/05/2017

Everybody wants a faster running computer without spending a lot of additional money. PC & Tech Authority has a post that identifies several things you can do to speed up Windows 10. The first item suggests not requiring a password when starting Windows 10. Sure that will improve start times, but I certainly don't recommend compromising logon security. Another "trick" is to create a shortcut to immediately shutdown the computer. Disabling Startup programs is another good idea, which you should investigate.

The post has some other suggestions such as customizing the visual effects. Essentially, tuning your animation options can help speed things up. Windows 10 has a "fast startup" option too. The faster startup is accomplished by putting the computer into hibernation instead of fully shutting it down. Disabling unneeded Windows services is another good way to speed things up. Why have processes running that you won't use? Don't forget to optimize your disk by running Disk Cleanup to get rid of unnecessary files. Running the defragment tool can help as well, but it is not recommended for solid state drives.

All of the suggestions don't cost you any money. If you have some extra change available, I would recommend adding additional memory and installing a SSD if you don't already have one.

04/04/2017

It isn't by much, but according to StatCounter, Android is the most popular operating system in terms of total Internet usage across all laptops, tablets, desktops and mobile devices combined. The March numbers had Windows at 37.91 percent and Android barely topped that at 37.93 percent. Windows is still the king of desktop operating systems with 84 percent of PCs accessing the Internet. It will be interesting to see if the trend continues and if the gap widens in April.

04/03/2017

Some say it's a convenience, but could also be an invasion of privacy. Perhaps we have no more privacy these days, but all of this tracking stuff, face recognition, license plate photos and other invasions are a bit over the top. The United States Postal Service is rolling out a new feature where it sends you an email notification of pending mail delivery. You won't know what's in the actual envelope, but you can get up to ten black and white images of what will be delivered to your mailbox. The USPS calls the service Informed Delivery and is currently available in Atlanta, Baltimore, Chicago, Dallas, Detroit, Houston, Miami, Minneapolis, New York, Philadelphia, Pittsburgh, San Francisco, Northern Virginia, and Washington DC. Punch in your zip code at the USPS site to see if Informed Delivery is available in your area. Some call it a convenience. I think it's another way for the government to track information about citizens, especially if the data is retained for long periods of time. You opt in for the notifications, but the problem is that the USPS still collects the data.

Sensei Enterprises, Inc.

3975 University Drive
Suite 225
Fairfax, VA 22030
703.359.0700

Disclaimer

This blog is intended to impart general information and does not offer specific legal advice. Use of this blog does not create an attorney-client relationship. If you require legal advice, consult an attorney.